Privacy - rights of the subject
According to the Article 13 of EU Regulation no. 2016/679 (Later called “GDPR”), We would like to inform you that the processing of personal data will be carried out with the appropriate methods and procedures in order to guarantee the respect for human rights and fundamental freedoms, as well as the individual dignity, with particular reference to privacy and safety, to personal identity and to the personal data protection right.
We recall that “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (article 4 of GDPR).
1. Subject of the processing and data source
The data collected by Sefin S.p.A. refers to:
• Personal data (name and surname)
• Contact details (e-email, residential / living address)
• Any distinguishing features appearing in the Identity Document
• The working relationship with Sefin S.p.A.
That personal data is collected from the data subject or from his/her representative.
The conferral by the data subject demonstrates the authorization of his/her data communication
2. Legal basis for the processing
The legal basis for the processing lies (i) in your explicit and clear consent (ex article 6.1, point A of the GDPR) and (ii) in the legitimate interest of the Controller (ex art. 6.1, point F of the GDPR).
3. Purpose of the processing
Personal data and any changes you will communicate to Sefin S.p.A. are collected and processed with the only purpose of taking charge and of answering to your request through this form.
4. Methods of data processing
The data processing shall be limited to the following operations and in this way:
- Data collection from the data subject, filling in the online form;
- Recording and processing on a computerized system;
- Archives’ organization in a mainly automated way, through business applications and computerized registries
- Communication of your data to third parties, duly authorized by the Controller.
Data processing will take place using instruments suitable to ensure the confidentiality, integrity and availability, in observance of suitable technical and organizational measures for privacy provided by GDPR.
Data processing will be carried out through automated information system and will include all the operations or set of operation required under Article 4 of GDPR and needed to the processing, including the communication to the Data subject.
Personal data wont’ be circulated, but they will or could be communicated to public or private entities that operate under the purpose listed above.
5. Data Retention
The Controller will process your personal data for the time required to fulfill the purposes written above and however for no more than two years after collection.
6. Access to data processing
Personal data will be made accessible, for the purpose at point 3:
- To employees / collaborators as authorized to the processing, prior to suitable appointment;
- To the third parties, identified as being responsible of processing by the Controller.
Your data won’t be communicated to not-authorized third parties.
7. Data Transfer
Data management and conservation will be performed on server inside de EU, property of the Controller or of third parties duly appointed as Responsible of processing. Personal data won’t be transferred outside the European Union.
8. Nature of the data providing and refusal to answer’s implications
For the purpose at point 3.a), data providing is mandatory. Without them, it won’t be possible to taking charge and answering to your contact request.
9. Rights of the data subject
According to the GDPR provisions, the data subject shall have the following rights in respect of the Controller:
- To obtain confirmation as to whether or not data related to him or her are being processed, and where that is the case, to obtain access to the personal data (Article 15, Right of access)
- To obtain the rectification of inaccurate personal data concerning him or her without undue delay (Article 16, Right to rectification)
- To obtain the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay, if certain conditions exist (Article 17, Right to be forgotten)
- To obtain restriction of processing in certain cases (Article 18, Right to restriction of processing);
- To receive the personal data concerning him or her carried out, and to transmit that data to another Controller, without obstacles from the first controller, assuming certain cases (Article 20, Right to data portability)
- To object at any time, on grounds relating to his/her particular situation, to the processing of personal data concerning him or her (Article 21, Right to object)
- To receive notice of the personal data breach suffered by the Controller without undue delay (Article 34)
- To revoke the consent given, at any time (Article 7, Conditions for consent).
Where applicable, the data subject shall have also the rights under articles 16-21 of the GDPR (Right to Rectification, Right to be forgotten, Right to restriction of processing, Right to data portability, Right to object), as well as the Right to compliant to the Guarantor Authority.
10. How to exercise your rights
11. The Controller
The Controller is Sefin S.p.A.
Partita Iva/ WAT number: 04919090151.
Address: 10, Viale Zara, 20124 Milan - Italy.
The list of managers and collaborators authorized to the processing is available at the place of the Controller above-mentioned.
12. Updating of this notice
This notice may be modified. Any substantial change will be transmitted to the data subject through notice or publication on Sefin website.